Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression when an API key has no name #59481

Closed
tylersmalley opened this issue Jul 14, 2020 · 2 comments · Fixed by #59485
Closed

Regression when an API key has no name #59481

tylersmalley opened this issue Jul 14, 2020 · 2 comments · Fixed by #59485
Assignees
@ywangd
Labels
>bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)

Comments

@tylersmalley
Copy link
Contributor

#58156 introduced a regression causing the following errors within Kibana:

   │ info [o.e.x.s.a.AuthenticationService] [desktop] Authentication using apikey failed - apikey authentication for id NB-BSnMBuA9FcpEJrQtR encountered a failure
   │      org.elasticsearch.common.xcontent.XContentParseException: [1:532] [api_key_doc] name doesn't support values of type: VALUE_NULL

These failures are being tracked in elastic/kibana#71559, elastic/kibana#71558 and elastic/kibana#71555
@tylersmalley tylersmalley added >bug needs:triage Requires assignment of a team area label labels Jul 14, 2020
@ywangd ywangd added the :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) label Jul 14, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (:Security/Authentication)

@elasticmachine elasticmachine added the Team:Security Meta label for security team label Jul 14, 2020
@ywangd ywangd removed Team:Security Meta label for security team needs:triage Requires assignment of a team area label labels Jul 14, 2020
@ywangd ywangd mentioned this issue Jul 14, 2020
Merged
@ywangd
Copy link
Member

ywangd commented Jul 14, 2020

@tylersmalley I raised #59485 to fix this issue.

We consider API keys with null names as a bug and raised an issue (#59484) for it. Creating API keys always require a name to be specified. However, when grant API key action is added, this requirement is missed out. We plan to fix it in a future release (post v7.9). For backwards compatibility, we will continue to support API keys without names internally. But the API will be updated so that the API key name is mandatory for granting API keys. Please note Kibana's usage of granting API keys needs to be updated when #59484 is fixed. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ywangd ywangd

Labels
>bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow null name when deserialising API key document ywangd/elasticsearch
3 participants
@tylersmalley @ywangd @elasticmachine